
CVE-2011-4128

Description

Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.

#### Bugs

* <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648441>

#### Notes

Author | Note
---|---
[jdstrand](<https://launchpad.net/~jdstrand>) | According to upstream, this is client side only and requires clients to be written in a certain undocumented way. Upstream searched for this and found no clients to be vulnerable.


Affected Package


OS | OS Version | Package Name | Package Version
---|---|---|---
ubuntu | upstream | gnutls13 | any
ubuntu | 10.04 | gnutls26 | 2.8.5-2ubuntu0.1
ubuntu | 10.10 | gnutls26 | 2.8.6-1ubuntu0.1
ubuntu | 11.04 | gnutls26 | 2.8.6-1ubuntu2.1
ubuntu | 11.10 | gnutls26 | 2.10.5-1ubuntu3.1
ubuntu | upstream | gnutls26 | 2.12.14
